| The firewall protects an internal network from | | | | use this field. Attackers can use this field in conjunction |
| malicious hackers or software on an external network. | | | | with IP spoofing to redirectnetwork packets to their |
| Firewalls filter potentially harmful incoming or outgoing | | | | systems. |
| traffic. Firewalls are used to subdivide internal | | | | • Application Filtering: This device will intercept |
| networks on the Internet. It also protects individual | | | | connections and performs security inspections. The |
| computers. The five services that firewalls provide are | | | | firewall acts as a proxy for connections between the |
| packet filtering, application filtering, proxy server, | | | | internal and external network. The firewall enforce |
| circuit-level, and stateful inspection. | | | | access control rules specific to the application. It is also |
| • Packet Filtering: A packet filtering firewall checks | | | | use to check incoming e-mails for virus attachments. |
| each packet crossing the device. It also inspects the | | | | These firewalls are often called e-mail gateways. |
| packet headers of all network packets going through | | | | • Proxy Server: A proxy server takes on |
| the firewall. | | | | responsibility for providing services between the |
| Source IP Address: It identifies the host that is sending | | | | internal and external network. Proxy server can be |
| the packet. Attackers can modify thisfield in an | | | | used to hide the addressing scheme of the internal |
| attempt to conduct IP spoofing. Firewalls are | | | | network. It can also be used to filter requests based |
| configured to reject packets that arrive atthe external | | | | on the protocol and address requested. |
| interface, that is either an erroneous host configuration | | | | • Circuit-Level: A circuit-level firewall controls TCP |
| or an attempt at IP spoofing. | | | | and UDP ports, but doesn't watch the datatransferred |
| Destination IP Address: This is the IP address that the | | | | over them. If a connection is established, the traffic is |
| packet is trying to reach. | | | | transferred without any furtherchecking. |
| IP Protocol ID: Each IP header has a protocol ID that | | | | • Stateful Inspection: An inspection firewall works at |
| follows. For example, Transmission | | | | the Network layer. It assesses the IP |
| Control Protocol (TCP) is ID 6, User Datagram Protocol | | | | headerinformation. It also monitors the state of each |
| (UDP) is ID 17, and Internet Control | | | | connection. Connections are rejected if they attempt |
| Message Protocol (ICMP) is ID 1. | | | | any actions that are not standard for the given |
| Fragmentation Flags: Firewalls examine and forward or | | | | protocol. These listed firewall features can be |
| reject fragmented packets. Asuccessful fragmentation | | | | implemented in combination by a given firewall |
| attack can allow an attacker to send packets that | | | | implementation. Placing a lot of firewalls in series is a |
| could compromise aninternal host. | | | | common practice to increase security at the network |
| IP Options Setting: This field is used for diagnostics. | | | | perimeter. |
| The firewall is configured to drop networkpackets that | | | | |